News
Citrix Bleed Vulnerability Exploited by Hackers Within 24 Hours of Public Disclosure
7+ hour, 45+ min ago (443+ words) A threat actor operating from IP 146. 70. 139[.]154 targeted three separate Lupovis sensor deployments in a five-hour window on 30 June to 1 July 2026, ultimately delivering a confirmed CVE-2026-8451 exploitation payload. Notably, this activity is not yet reflected in the CISA Known Exploited Vulnerabilities…...
Phantom Squatting: When AI Hallucinated Domains Become Attacker Infrastructure
1+ hour, 37+ min ago (874+ words) Researchers at Palo Alto Networks Unit 42 documented a technique they're calling phantom squatting: attackers register domain names that LLMs consistently hallucinate, then sit back and wait for the traffic. No zero-days. No exotic exploit chains. Just a spreadsheet of domains…...
Opera Just Rolled Out a Way to Block Click Fix Attacks in Its Browser
8+ hour, 54+ min ago (491+ words) Lifehacker...
Medtronic warns patients of data exposure following April cyberattack | brief
1+ hour, 55+ min ago (59+ words) Medtronic warns patients of data exposure following April cyberattack SC Media Medtronic warns patients of data exposure following April cyberattack Aflac Japan data breach affects 4. 38 million customers Nissan confirms employee data exposed in Oracle People Soft cyberattack KDDI discloses data…...
Scanning a whole repo with confined LLM workers " Avala Security
3+ hour, 38+ min ago (1099+ words) We open-sourced a whole-repo security scanner in agent-code. Deterministic selectors shard the tree, then read-only LLM workers investigate each shard under a permission read-scope that a prompt injection in the scanned code cannot escape. Point one LLM agent at a…...
Pam Stealer: the mac OS stealer that checks your password through PAM before stealing it
1+ hour, 53+ min ago (668+ words) Someone double-clicks what they think is Maccy, a clipboard manager, and gets a mac OS password prompt: "Maccy wants to make changes." They type it in. Most infostealers would grab whatever you typed and run. This one validates it against…...
Windows finally removed update friction - now comes the harder part
9+ hour, 23+ min ago (280+ words) Lorem ipsum dolor ist amte, consectetuer adipiscing eilt. Aenean commodo ligula egget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quak felis, ultricies nec, pellentesque eu, pretium quid, sem. Microsoft is changing…...
Linux LUKS Vulnerability, Android Developer Verification Threat, Git Hub Secret Scanning Guide
2+ hour, 47+ min ago (1307+ words) Today's Highlights This week's top security news features a critical data leakage bug in Linux LUKS disk encryption, a deceptive new threat leveraging Android developer verification, and Git Hub's practical guide to managing secret scanning alerts at scale. These stories…...
Open STAManager 2. 9. 8 Exploit Risk, SQL Injection Clusters and Privilege Escalation
3+ hour, 21+ min ago (1648+ words) A useful way to read the public information is to group the issues by weakness pattern rather than by CVE number alone. The Open STAManager 2. 9. 8 exploit surface is not one route. It is a set of recurring implementation mistakes: That…...
1st "agentic ransomware" JADEPUFFER invades database at machine speed
2+ hour, 42+ min ago (74+ words) SC Media 1st "agentic ransomware" JADEPUFFER invades database at machine speed An In-Depth Guide to Ransomware 4 ways to combat the endless stream of phishing attacks New Choco Po C trojan targets security researchers with fake exploit code Aflac Japan data breach…...